Warning: The new Google Docs phishing scam

Google has shut down an email spam campaign that impersonated its online file service, Google Docs.

According to online reports - in particular, a detailed user thread on Reddit - clicking on an emailed share link, purportedly from a known source, was taking users to a site that asked permission for a fake app calling itself "Google Docs" to access their accounts.

If they agreed, the app would then send additional copies of the original email to the users' contacts.

Users do not have to take additional action, although Google encouraged those who want to be extra safe to run its security check feature.

One telltale sign for identifying the spam email is that it appears to be directed to the address hhhhhhhhhhhhhhhh@mailinator.com and is only blind copied to the recipient.

Sarah Clark, from Leeds-based IT solutions firm Afinite, said:

‘This is one of the most widespread phishing attacks we’ve seen. Typical phishing attacks would usually trick the user into handing over personal information, but this one was far more sophisticated. It bypassed the need to steal people’s logins by building a third-party app which used Google’s own processes to gain access to the account.

"What we’re seeing is the evolution of phishing; they are getting more and more difficult to detect.

"Statistics show that 23 per cent of employees spend up to an hour a day on their personal emails whilst at work, so we are urging companies to review their security systems in place."